Qualified eIDAS Service Providers: The Official 2026 List

Why is the "qualified" eIDAS status decisive for your business?

Since the entry into force of the eIDAS Regulation (No. 910/2014), the European electronic signature market has been deeply restructured around a three-tier hierarchy: simple electronic signature (SES), advanced electronic signature (AES) and qualified electronic signature (QES). The latter is the only one to benefit from a legal presumption of equivalence with a handwritten signature across all Member States of the European Union.

For a company to be able to offer qualified signatures, it must have been audited and registered on the Trust List of its Member State. In France, it is the National Agency for the Security of Information Systems (ANSSI) that maintains this official register, republished in turn on the centralised European list managed by the European Commission.

Understanding this architecture is fundamental before signing any sensitive commercial contract. To go further on the regulatory foundations, our comprehensive guide to eIDAS 2.0 Regulation details all the obligations and changes introduced by the revised eIDAS 2.0 Regulation (EU Regulation 2024/1183).

---

How are qualified trust service providers certified?

The path to Qualified Trust Service Provider (QTSP) status is demanding. It involves an audit carried out by an accredited Conformity Assessment Body (CAB), in accordance with ETSI EN 319 401 standards (general requirements) and ETSI EN 319 411-2 for qualified certificates.

ANSSI qualification stages

1. Submission of the qualification application: the provider submits its technical, security and organisational documentation to ANSSI.
2. Audit by an accredited CAB: a third-party body — such as Bureau Veritas, LSTI or Apave Certification — verifies compliance on-site and on file.
3. Qualification decision: ANSSI pronounces the qualification and registers the provider on the French Trust List (TL-FR).
4. Periodic renewal: the qualification is re-evaluated, generally every two years, to ensure compliance requirements are maintained.

What does the audit specifically verify?

The auditor examines in particular:

• The physical security of data centres hosting cryptographic keys (HSM modules certified CC EAL 4+ or FIPS 140-2 Level 3 minimum) ;
• The certification policies (CP) and certification practice statements (CPS) published by the provider ;
• The procedures for identity verification of signers (face-to-face or remote identity verification compliant with EN 419 241-1 standard) ;
• The revocation management and availability of OCSP/CRL services.

These criteria explain why only a handful of players achieve and maintain this level of certification in France.

---

Qualified eIDAS service providers listed in France in 2026

The official list of qualified providers can be consulted at any time on the European Commission's official portal (eidas.ec.europa.eu/efts), by filtering on "France" and the "QCertESig" service (Qualified Certificate for Electronic Signature). Here are the players that were on the register at the time of writing this article (June 2026):

French providers registered on the Trust List

| Provider | Type of qualified service | Particularity | |---|---|---| | Certigna (Dhimyotis) | Qualified certificates, qualified time-stamping | La Poste group, eIDAS certified since 2016 | | Certinomis | Qualified certificates | La Poste subsidiary, focused on public sector | | ChamberSign France | Qualified certificates | Network of Chambers of Commerce and Industry, strong SME/micro-enterprise anchoring | | Keynectis / DocuSign France | Qualified certificates | Acquired by DocuSign, maintenance of ANSSI label | | Universign (Tessi) | Qualified certificates, time-stamping | Market pioneer, integrated into Tessi group | | Entrust (ex-Datacard) | Qualified certificates | International player, Multi-Member State Trust List | | Oodrive Sign | Qualified certificates | French sovereign software publisher, SecNumCloud qualified |

> Warning: this list is provided for information purposes only. Only the official Trust List of the European Commission is authoritative. Always verify current status on the ETSI portal before any contractual commitment.

Foreign service providers recognised in France via the European Trust List

Under the principle of mutual recognition set out in Article 25 of the eIDAS Regulation, a qualified signature issued by a QTSP registered on the trust list of another Member State produces the same legal effects in France. Among frequently used non-French providers:

• Namirial (Italy): strong in remote qualified signature (QES remote signing) ;
• SwissSign (Switzerland): note that Switzerland is not an EU member; recognition is partial ;
• Qualified.one / Asseco Data Systems (Poland): European public player, frequent in cross-border markets.

To compare these solutions according to your business needs, consult our comparison of electronic signature solutions which analyses the price, compliance and API integration criteria.

---

How to choose the right qualified eIDAS provider for your organisation?

Being listed on the Trust List is a necessary condition, but not sufficient. The choice of a QTSP must be based on several complementary criteria.

Technical and integration criteria

• REST API or SDK available: essential for automating signature in your business workflows (ERP, HRIS, CRM) ;
• Signature formats supported: PAdES for PDFs, XAdES for XMLs, CAdES for binary files — all standardised by ETSI EN 319 100 ;
• Service availability: SLA greater than 99.9% contractually guaranteed, with maintenance windows scheduled outside business hours ;
• Data hosting: prefer hosting in France or in the EU, ideally SecNumCloud qualified for sensitive data.

Legal and compliance criteria

• Verify that the provider provides an up-to-date qualification report (less than 24 months old) ;
• Require a published certification policy (CP) publicly accessible and audited ;
• Ensure that the terms and conditions explicitly provide for the issuance of qualified certificates as per Annex I of the eIDAS Regulation.

Operational and support criteria

• Procedures for enrolment of signers: face-to-face at a branch, video identification compliant with eIDAS or NFC from an electronic identity document ;
• Support in French with contractual response times ;
• Training and documentation available for your legal and IT teams.

If your organisation manages significant HR document flows, our dedicated page on electronic signature for HR teams details specific use cases (employment contracts, amendments, onboarding) and recommended signature levels by document type.

---

eIDAS 2.0: what changes for qualified providers in 2026?

The eIDAS 2.0 Regulation (EU Regulation 2024/1183, progressively applied since May 2024) introduces several structural changes that directly impact QTSPs and their clients.

The European Digital Identity Wallet (EUDI Wallet)

Article 6a of the revised regulation requires Member States to offer, by September 2026, a digital identity wallet (EUDI Wallet) recognised throughout the EU. For qualified providers, this means:

• The obligation to accept identity attributes from the wallet as proof of identity for signer enrolment ;
• The emergence of a new qualified service: the issuance of qualified electronic attestations of attributes (Qualified Electronic Attestation of Attributes, QEAA).

New qualified services and scope extension

eIDAS 2.0 expands the list of qualified trust services to include:

• Qualified electronic archiving services (QPDS, Article 45f) ;
• Remote signature creation device management services (QRCD).

These changes represent both a compliance constraint (tight deadlines for existing providers) and an opportunity for differentiation for newcomers able to quickly integrate technical specifications published by ENISA and ETSI.

For businesses considering migration from an existing platform to a more compliant solution, our migration guide from DocuSign or YouSign to Certyneo presents the concrete steps and regulatory points of vigilance.

Legal framework applicable to qualified eIDAS service providers

eIDAS Regulation and European law

The legal foundation is the Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (known as the "eIDAS Regulation"), as amended by Regulation (EU) 2024/1183 (eIDAS 2.0). This regulation is directly applicable in all Member States without national transposition.

Its key provisions for qualified providers:

• Article 17: obligation for each Member State to designate a supervisory body (in France, ANSSI) ;
• Article 20: procedure for supervision, audit and registration on the trust list ;
• Article 25: presumption of equivalence between QES and handwritten signature, with guaranteed legal effect throughout the EU ;
• Annex I: requirements for qualified certificates for electronic signature ;
• Annex II: requirements for qualified signature creation devices (QSCD).

French law

In internal law, the electronic signature is governed by:

• Civil Code, Articles 1366 and 1367: Article 1366 recognises the probative value of electronic writing provided it guarantees the identity of the author and the integrity of the document. Article 1367 specifies that electronic signature consisting of a reliable identification process is presumed reliable when created in accordance with the implementing decree ;
• Decree No. 2017-1416 of 28 September 2017: defines the conditions under which qualified electronic signature is presumed reliable in France, by explicitly referring to the eIDAS Regulation ;
• Ordinance No. 2005-674 of 16 June 2005 relating to the performance of certain contractual formalities by electronic means.

Personal data protection

Enrolment and signature processes involve the processing of personal data (identity data, biometrics for video identification). The qualified provider is subject to Regulation (EU) 2016/679 (GDPR) and must in particular:

• Appoint a DPO if processing is on a large scale ;
• Document the processing in the CNIL register ;
• Frame transfers outside the EU with appropriate safeguards (standard contractual clauses, adequacy decision).

Cybersecurity and resilience

Since October 2024, the NIS2 Directive (2022/2555/EU) applies to qualified trust service providers, classified as essential entities. They must implement cybersecurity risk management measures, notify significant incidents to ANSSI within 24 hours, and submit to regular audits. Non-compliance exposes them to fines of up to €10 million or 2% of global annual turnover.

Reference technical standards

• ETSI EN 319 401: general requirements for trust service providers ;
• ETSI EN 319 411-2: policy profile for qualified certificates ;
• ETSI EN 319 132: XAdES signature formats ;
• ETSI EN 319 122: CAdES signature formats ;
• ETSI EN 319 162: PAdES signature formats (PDF).

Usage scenarios: when is qualified eIDAS signature essential?

Scenario 1 — A law firm managing deeds under private seal with high probative value

A business law firm of about twenty employees handles dozens of share transfers, settlement agreements and representations and warranties agreements (MAC clauses) each month. These deeds involve sums often exceeding several hundred thousand euros and are susceptible to being contested in court.

Before migrating to a qualified eIDAS provider, the firm used an advanced signature solution (AES), which was sufficient for the majority of routine deeds. After an incident where the opposing party contested the authenticity of a signature during litigation, the firm chose QES for all high-stakes deeds. Result: 90% reduction in time spent producing signature evidence during contentious proceedings, thanks to the irrebuttable legal presumption attached to QES. The per-signature unit cost (approximately €2 to €5 depending on volumes) was entirely absorbed by the reduction in litigation costs.

Scenario 2 — A mid-sized industrial company managing cross-border supplier contracts

A mid-sized industrial equipment company, with suppliers based in France, Germany, Italy and Poland, previously had to send its framework contracts by postal mail or organise face-to-face signature meetings, generating delays of 10 to 21 business days per contract.

By deploying a solution connected to a European QTSP registered on the Trust List, the company reduced the signature cycle to less than 48 hours on average. Mutual recognition between Member States guarantees legal value without the need for additional legalisation. On a portfolio of 350 annual supplier contracts, the estimated savings in administrative and logistics costs exceed €40,000 per year, according to ranges consistent with sector studies published by ACFE and APQC.

Scenario 3 — A hospital group subject to healthcare sector requirements

A hospital group of approximately 1,200 beds must electronically sign public contracts, clinical research agreements and practitioner employment contracts. These documents are subject to the Public Procurement Code, which requires an electronic signature compliant with the RGS (General Security Benchmark) level ** or, since the digitisation of public procurement, an equivalent eIDAS level.

By relying on a QTSP registered on the French Trust List, the group guarantees compliance with Article R. 2132-7 of the Public Procurement Code while reducing contract signature delays from 15 days to less than 72 hours. API integration with the hospital information system (HIS) enabled automation of document sending and tracking, freeing up approximately 0.4 FTE on contract-related administrative tasks.

Conclusion

Choosing a qualified eIDAS provider is not just a software purchase: it is a strategic decision that commits the probative value of your deeds, the regulatory compliance of your organisation and the trust of your business and institutional partners. In 2026, with the progressive entry into force of eIDAS 2.0 and the new NIS2 obligations, the level of requirements is only increasing.

The essential points to remember: systematically verify registration on the official Trust List, require a published certification policy, and adapt the signature level (QES, AES, SES) to the legal significance of each document.

Certyneo supports you in this process by giving you access to qualified certificates via registered QTSPs, a robust API integration and dedicated legal support. Ready to move to qualified signature? Request a demonstration or create your account on Certyneo and put your organisation into compliance today.